Most likely it is a probe for systems running the LinuxConf configuration
daemon that uses TCP port 98. See the CVE reference CAN-2000-0017 at
www.cve.mitre.org for some details about this vulnerability.
Ken McKinlay
613-599-9199 x506
[EMAIL PROTECTED]
> -----Original Message-----
> From: Dave Horsfall [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 26, 2001 17:36
> To: Firewalls List
> Subject: Attack on port 98, and a NetSoil heads-up
>
>
> This is "tacnews" in Assigned Numbers; what the heck is that?
>
> Feb 26 07:37:14 denied tcp 203.143.18.35(1468) -> 192.84.230.3(98), 1 packet
> Feb 26 07:37:14 denied tcp 203.143.18.35(1490) -> 192.84.230.25(98), 1 packet
> Feb 26 07:37:14 denied tcp 203.143.18.35(1500) -> 192.84.230.35(98), 1 packet
>
> Etc. No rDNS, of course.
>
> And a heads-up; if you aren't already aware, NetSoil (Network Solutions) is
> in the habit of pinging everyone (or just its clients?); I've also seen
> attempted LDAP probes from them. Naturally, requests for an explanation
> fall upon deaf ears.
>
> Feb 26 09:05:00 denied icmp 216.168.227.250 -> 192.84.230.33 (8/0), 1 packet
> Feb 26 09:10:19 denied icmp 216.168.227.250 -> 192.84.230.33 (8/0), 17 packets
> Feb 26 11:39:18 denied icmp 216.168.227.250 -> 192.84.230.33 (8/0), 3 packets
>
> -- Dave
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
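
A defender-side check for the pattern in the quoted log excerpt, where one source is denied on the same port at several hosts within the same second. This is an added example, not part of the original thread. The function name, thresholds and the assumed log year are illustrative assumptions, and the regular expression matches only the line layout shown in the post.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines from the post above, with the mail client's line wraps rejoined.
SAMPLE_LOG = """\
Feb 26 07:37:14 denied tcp 203.143.18.35(1468) -> 192.84.230.3(98), 1 packet
Feb 26 07:37:14 denied tcp 203.143.18.35(1490) -> 192.84.230.25(98), 1 packet
Feb 26 07:37:14 denied tcp 203.143.18.35(1500) -> 192.84.230.35(98), 1 packet
Feb 26 09:05:00 denied icmp 216.168.227.250 -> 192.84.230.33 (8/0), 1 packet
Feb 26 09:10:19 denied icmp 216.168.227.250 -> 192.84.230.33 (8/0), 17 packets
Feb 26 11:39:18 denied icmp 216.168.227.250 -> 192.84.230.33 (8/0), 3 packets
"""

# TCP/UDP entries carry "(port)" after each address; ICMP entries do not match.
DENY_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) denied (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?$"
)

def find_sweeps(log_text, min_hosts=3, window=timedelta(seconds=60), year=2001):
    """Return (src, proto, dport, sorted_dsts) for each source that was denied
    on one port at min_hosts or more distinct destinations within `window`."""
    hits = defaultdict(list)  # (src, proto, dport) -> [(time, dst), ...]
    for line in log_text.splitlines():
        m = DENY_RE.match(line.strip())
        if not m:
            continue  # ICMP, or a line in some other format
        # Syslog-style stamps omit the year; the caller supplies it (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits[(m["src"], m["proto"], int(m["dport"]))].append((ts, m["dst"]))

    sweeps = []
    for (src, proto, dport), events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Distinct destinations seen in the window opening at this event.
            dsts = {d for t, d in events[i:] if t - start <= window}
            if len(dsts) >= min_hosts:
                sweeps.append((src, proto, dport, sorted(dsts)))
                break  # one report per (source, protocol, port)
    return sweeps

if __name__ == "__main__":
    for src, proto, dport, dsts in find_sweeps(SAMPLE_LOG):
        print(f"{src} swept {proto}/{dport} across {len(dsts)} hosts: {', '.join(dsts)}")
```

The repeated ICMP echo requests to a single host are deliberately not reported, since they target one destination rather than sweeping a range.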